The Hottest Porn Videos Online mecum.porn Quality porns videos Free indian porn tube videos indiansexmovies.mobi hot indian women watch online
FRP内网穿透 + Nginx代理 + 获取Real IP

FRP内网穿透 + Nginx代理 + 获取真实IP

以下仅列出关键配置

外网服务端配置

如果指定反代ip,frp会无法获取host,导致502错误,采用以下方案可以解决,但需要开放fprs https端口,并指定解析$host的DNS服务器

Nginx

server {
    listen 443 ssl;
    server_name your.domain;

    ssl_certificate  ./your.domain.cer;
    ssl_certificate_key ./your.domain.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    server_tokens off;

    location / {
        resolver 223.5.5.5; # dns resolver server
        proxy_ssl_server_name on;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://$host:6443; # frps https port, set $host insead of ip
        error_page 502 http://$host:6080/$request_uri;
    }
}

参考issue #888: nginx https反向代理到frp https 报 502错误

参考frpc+frps+nginx反代+解析后端真实IP+双向https自动跳转+https证书配置的纯享版配置文件及操作指导

FRP Server

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 5443
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 5443
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 8090
# dashboard assets directory(only for debug mode)
dashboard_user = admin
dashboard_pwd = admin
# assets_dir = ./static
vhost_http_port = 6080
vhost_https_port = 6443
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 3
# auth token
token = Your_Token
# It is convenient to use subdomain configure for http、https type when many people use one frps server together.
subdomain_host = your.domain
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
#allow_ports = 1-65535
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50
# if tcp stream multiplexing is used, default is true
tcp_mux = true

本地客户端配置

Nginx

server
{
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 172.31.0.1; # local server ip

    set_real_ip_from 172.31.0.1; # frp client ip
    real_ip_header X-Forwarded-For; #用于接收远端frps服务器上nginx传递的真实IP
    real_ip_recursive on;

    ssl_certificate    ./your.domain.cer;
    ssl_certificate_key    ./your.domain.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://application; # your local application ip
    }
}

FRP Client

[common]
token = Your_Token
server_addr = server_host
server_port = 5443

[index]
type = https
local_ip = 172.31.0.1
local_port = 443
custom_domains = your.domain
use_encryption=true
use_compression=true

获取IP

django为例:

def get_ip_address(request):
    ip = request.META.get('HTTP_X_REAL_IP', "")
    if not ip:
        ip = request.META.get("HTTP_X_FORWARDED_FOR", "")
    if not ip:
        ip = request.META.get('REMOTE_ADDR', "")
    client_ip = ip.split(",")[-1].strip() if ip else ""
    return client_ip

本文链接:FRP内网穿透 + Nginx代理 + 获取Real IP

转载声明:本站文章若无特别说明,皆为原创,转载请注明来源:PorYoung,谢谢!^^

Comments

  1. Arensi
    Windows Edge
    3 years ago
    2021-1-27 4:36:29

    您好,请问一下,我在在公网上一台服务器正在跑nginx,如何在不修改他nginx配置的情况下利用frp转发另一台服务器的80端口进行网页访问?
    我现在是frp转发了之后访问端口还是访问的frps跑的网页

    • PorYoung
      Owner
      Arensi
      Windows Edge
      3 years ago
      2021-1-27 5:36:26

      您好,不使用nginx的话可能无法用域名访问80端口,需要指定端口访问。
      在你需要访问的服务器上的frpc客户端配置custom_domains,比如test.domain.cn,这是在您公网nginx中没有配置的域名,但能够解析到您公网服务器的ip地址。
      公网服务器frp服务端不需要配置,然后只需要访问test.domain.cn:6080即可,6080是您frps设置的vhost_http_port = 6080。
      不知道能否帮助到你。

  2. Windows Firefox
    2 years ago
    2021-12-07 1:33:03

    为什么我反向代理到自己的https页面就502错误呢

Send Comment Edit Comment


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
Previous
Next